PT-2021-7238 · Siemens+1 · Scalance+2
Published: 2021-04-13 · Updated: 2022-10-05
CVE-2021-29998
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wind River VxWorks versions prior to 6.5
Description
The issue is related to a possible heap overflow in the DHCP client of Wind River VxWorks. This could allow a remote attacker to execute arbitrary code. The vulnerability is also present in the DHCP client of Siemens SCALANCE and Ruggedcom industrial switches, which are based on Wind River VxWorks.
Recommendations
For versions prior to 6.5, update to version 6.5 or later to resolve the issue.
As a temporary workaround, consider disabling the DHCP client until a patch is available.
Restrict access to the DHCP client to minimize the risk of exploitation.
Fix
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Ruggedcom
Scalance
Wind River VxWorks